Top Hottest Cyberattacks in the World in 2020 (Part 2)

In this article, NSV continues to “review” major organizations that were unfortunate enough to fall victim to cyberattacks. This shows that cybersecurity solutions must be continuously improved and updated if organizations want to avoid attacks and critical data breaches that can lead to collapse and loss of customer trust.

Clark County School District Attacked in August

The attack on the Clark County School District (CCSD) in Nevada exposed a new cybersecurity risk: student data leaks. CCSD revealed that it was hit by a ransomware attack on August 27, which may have resulted in the theft of student data.

After the district refused to pay the ransom, an update was posted acknowledging media reports that student data had been leaked online as a consequence. Although the exact information exposed remains unclear, the threat of leaked student data represents a new low for threat actors and highlights a shift toward identity theft in attacks targeting schools.

Software AG

The German software giant became the victim of a double extortion attack that began on October 3, forcing the shutdown of internal systems and eventually leading to a major data breach.

Files were encrypted and stolen by the operators behind the Clop ransomware. According to multiple media reports, a ransom of USD 20 million was demanded, but Software AG refused to pay. As a result, the ransomware gang carried out its threat and published confidential data on a leak site, including employees’ passport details, internal emails, and financial information.

The Clop operators were not the only group using double extortion tactics. “Name-and-shame” strategies became increasingly common throughout 2020 and are now standard practice for many ransomware gangs.

Cyberattack on Vastaamo Psychotherapy Center

Finland’s largest private psychotherapy provider confirmed that it became the victim of a data breach on October 21, during which attackers stole confidential patient records.

The attack set a new precedent: instead of extorting the organization, the criminals targeted patients directly. As of last month, 25,000 crime reports had been filed with Finnish police.

The government treated the incident with extreme seriousness and urgency. Finland’s Minister of the Interior convened an emergency meeting with key cabinet members and arranged crisis counseling services for potential victims of the extortion scheme.

FireEye and SolarWinds Supply Chain Attack

FireEye triggered a chain of events on December 8 by disclosing that suspected nation-state hackers had breached its systems and stolen Red Team tools.

On December 13, the company revealed that the nation-state-level attack resulted from a massive supply chain compromise involving SolarWinds. FireEye named the backdoor campaign “UNC2452” and stated that it enabled threat actors to access numerous government and corporate networks worldwide.

According to a joint statement on December 17 by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence, the attacks were still ongoing. The statement also noted that the supply chain attack mainly affected the Orion platform.

CISA added that it had “evidence indicating that the Orion supply chain compromise was not the only initial infection vector used by the APT actors.”

Since then, major technology companies such as Intel, Nvidia, and Cisco disclosed that they had received malicious SolarWinds updates, although they reported finding no evidence that attackers had exploited the backdoor.

However, on December 31, Microsoft revealed that attackers had breached its network and viewed—though not modified or stolen—its source code. Microsoft also stated that there was no evidence that customer data or company products and services were affected.

SolarWinds

The scale of the attack, the sophistication of the threat actors, and the high-profile victims involved made this not only the largest cyberattack of 2020 but possibly of the entire decade.

The incident highlighted the dangers of supply chain attacks and raised serious questions about how such a large company could have such weak cybersecurity practices.

Attackers began reconnaissance in March and implanted a backdoor in SolarWinds’ Orion platform, which was activated when customers updated their software. SolarWinds issued a security advisory stating that the backdoor affected Orion Platform versions 2019.4 HF5 through 2020.2.1, released between March and June 2020.

“We have been informed that this attack may have been carried out by an external nation-state and was intended to be a narrow, carefully targeted, and manually executed operation, rather than a broad automated attack,” the company said.

During the three-week investigation that followed, the full scope of the attack expanded significantly and has still not been fully uncovered.

Conclusion

Above are the major cyberattacks of 2020 affecting well-established organizations, especially in the technology sector. These incidents show that no organization is immune—whether a cybersecurity firm or a technology company—if it becomes a target without adequate preventive measures.

As NSV emphasizes, cybersecurity must always be a top priority for organizations and must be continuously updated to keep pace with global trends. Only then can businesses ensure operational safety and strengthen customer trust.